1. Field of the Invention
This invention relates to a secure end-to-end communication system and methods of operation using vault technology. More particularly, the invention relates to a vault controller secure depositor and a method of operation in an electronic business system managing secure communication between vaults in a vault controller(s).
2. Background Discussion
Traditionally, organizations such as retailers, banks, and insurance companies, in conducting electronic business, register their customers or users and control their access to business software applications with a user identification (xe2x80x9cuser IDxe2x80x9d) and password. The user ID and password establish a user""s identity for accessing secured information. The password is the xe2x80x9cvirtual keyxe2x80x9d that authenticates a user. However, a password does not provide the security needed for electronic business. Passwords have the following limitations:
(a) can be compromised during log-on by on-lookers;
(b) can be easily intercepted on the Internet if the transaction is not secured with a secure web protocol, such as secure sockets layer;
(c) authenticate a user to a host, but not a host to a user;
(d) can be discovered using automated xe2x80x9ctrial and errorxe2x80x9d techniques;
(e) do not protect transmitted information; and
(f) do not ensure that access is limited to authorized entities and applications.
A new approach to conducting electronic business on the Internet is described in the cross-referenced application. In this approach, digital keys replaced user identification-password pairs. Public key cryptography uses mathematically related public-private key pairs. Only the private key can decrypt the information the public key has encrypted. Only the public key can verify signature performed by the private key. The public key can be made available to any one. The private key is kept secret by the holder.
Just as digital keys are replacing user identification-password pairs in electronic business, digital signatures are replacing physical signatures. A digital signature is a coded message affixed to a document or data that helps guarantee the identity of the sender, thereby providing a greater level of security than a physical signature. A digital signature identifies the sender because only the sender""s private key can create the signature. The key also helps ensure the content of the signed message cannot be altered without the recipient being able to discover that the message has been altered.
Digital certificates are also replacing their physical counterpartxe2x80x94hard copy credentialsxe2x80x94in electronic business. A digital certificate, issued by a certification authority, vouches for (or certifies) the key of an individual, software application, organization or business. The certificate performs a role similar to that of a driver""s license or medical diplomaxe2x80x94the certificate certifies that the bearer of the corresponding private key is authorized (by an organization) to conduct certain activities with that organization.
However, the life cycle of digital certificates is similar to that of physical certificates. Digital certificates are issued for a specific amount of time. The certificate may be temporarily suspended under certain conditions and reissued at a later time. The certificate may be permanently revoked by the organization. Finally, digital certificates expire. For secure end-to-end communication in electronic business, the certificate must be validated to determine whether the certificate has expired, been revoked or suspended.
Digital certificates are issued through authorized registrars known as Registration Authorities (RAs). The authorities determine whether the applicant should be authorized to access secure applications or services and set in motion the processes to issue a certificate. A Certification Authority (CA) issues the digital certificate after approval by the Registration Authority. The certificate is a binding between a public key and an identity, e.g. a person, organization or computer device. The certificate includes a subject name; issuer name; public key; validity period; unique serial number; CA digital signature. The CA guarantees the authenticity of the certificate through its digital signature. The certificate may be revoked at any time. The serial numbers of revoked certificates are added to a Certification Revoked List (xe2x80x9cCRLxe2x80x9d) published in an X.500 Directory based on a standard defined by the International Telecommunications Union (xe2x80x9cITUxe2x80x9d). The X.500 standard is now being used to implement a xe2x80x9cwhite pagesxe2x80x9d for the Internet service. That is, a directory of people, computers, services, and of course electronic mail addresses. This on-line directory provides a single, global source of information that is constantly updated.
IBM xe2x80x9cVaultxe2x80x9d technology, described in the related application Ser. No. 08/980,022, supra provides strong authentication of clients and servers using digital keys and digital certificates for conducting electronic business. xe2x80x9cVaultxe2x80x9d technology is described in the above cross-related application. Briefly stated, xe2x80x9cVaultxe2x80x9d technology provides a secure environment in a web server using a vault controller (hereinafter, web server-vault controller) for running a secure web-based registration process and enabling secure application. The controller provides security from other processes running on the same server and secure areas or personal storage vaults to which only the owner has a key. System operators, administrators, certificate authorities, registration authorities and others cannot gain access to stored information or secure processes in such personal vaults. Combined with a Secure Sockets Layer (SSL) protocol, the controller enables secure registration transactions that require multiple sessions using personal vaults. SSL, an EETF standard communication protocol, has built-in security services that are as transparent as possible to the end user and provides a digitally secure communication channel. The personal vault is owned by a particular platform Identification (ID), e.g. a UNIX ID account that is linked to a user with a specific Vault Access Certificate. The content of the vault is encrypted and contains an encryption key pair and signing key pair, both of which are passwords protected. Each vault has a unique Distinguished Name (DN) in an X.500 directory that provides storage for specific items essential to a Public Key Infrastructure (PKI). PKU uses digital certificates, certificate authorities, registration authorities, certificate management services, and distributed directory services to verify the identity and authority of each party involved in any transaction over the Internet. The common name portion of a Distinguished Name is based on a unique vault ID. In addition, the controller provides a unique mapping between the vault ID (which identifies the UNIX user account and the user""s home directory) and the Vault Access Certificate which enables an end-user to access a vault through a browser.
As a part of a secure end-to-end communication system conducting electronic business using vault technology, a need exists to send an receive messages securely between vaults in a controller and between vaults running in different vault controllers, even when no vault process is running in the recipient vault (i.e. the vault is inactive).
An object of the invention is a secure end-to-end communication system and method of operation for conducting electronic business using vault technology and handling communications securely between vault processes running in different vaults of a vault controller(s).
Another object is a secure depositor in a vault handling local or remote vault to vault secure communication.
Another object is a secure depositor daemon handling secure communications between vaults located in different controllers.
Another object is a secure depositor system and method for encrypting/decrypting messages transmitted between vaults in a local controller and with a vault in a remote controller.
Another object is a secure depositor system and method providing digital signatures for sending digitally signed and encrypted messages between vaults in a vault controller(s).
Another object is a secure depositor system and method verifying digital signatures for receiving digitally signed and encrypted messages between vaults in a vault controller(s).
Another object is a secure depositor system and method in a vault controller sending messages from a vault process to a specific vault rather than directly to another vault process.
Another object is a secure depositor system and method within a vault process which encrypts and sends messages to a secure depositor queue of a receiving vaults(s) which decrypts and verifies the message for the receiving vault process.
Another object is a secure depositor system and method within a vault process mapping from a vault owners Distinguished Name (DN) in a vault access certificate to a vault DN using signed information stored in an X.500 directory.
These and other objects, features, and advantages are achieved in a secure-end-to-end communication system for electronic business system and method of operation using vault technology, in which users interact with web server-vault controllers in a secure manner using a cryptographic protocol; digital keys and digital certificates. The web serverxe2x80x94vault controller provides personal storage in vaults in the controller for users, registration authorities and certification authorities. Each personal vault runs programs on the controller under a unique platform ID, e.g. a UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. User processes running in dedicated vaults are able to communicate with other User processes running in different vaults using a secure depositor running in each vault. There is no direct communication between vault processes. In operation, if a vault process intends for a message to go to another vault, e.g. Vault V, the sending secure depositor performs the mapping from the DN of the owner of Vault V to the DN of Vault V. The secure depositor then obtains the public encryption key of Vault V from the certificate found in the X.500 directory under the DN of Vault V. The secure depositor encrypts the message with recipient""s public key and signs the message with a private key of the originating vault. The secure depositor inserts the encrypted and signed message (including the signing certificate) into a queue for Vault V. On the receiving side, the receiving secure depositor retrieves and decrypts the message with the private decryption key in Vault V. The receiving secure depositor verifies the signature with the included certificate, after validating the certificate and checking the appropriate Certification Revocation Lists (CRL) in the X.500 directory. A secure daemon is used for relaying messages between processes running in vaults on different machines. The daemon receives messages from local or remote vaults and inserts them into the queues of the destination vault.